Lab 7
1- The overall objective of the BIA is to identify the impact of outages. More specifically, the goal is to identify the critical functions that can affect the organization. After that, you can identify the critical resources that support these functions. Each resource has an MAO and an impact if it fails. The ultimate goal is to identify the recovery requirements.
An indirect objective of the BIA is to justify funding.
2- The first step towards creating a serious BCP is to identify the potential disasters one by one and determine what the potential impact might be on your business. In order to generate a professional and sound BCP, you have to understand the degree of the potential loss that could occur. Some of the factors you
How critical is IT infrastructure to the business
BIA shows urgent need for a contingency plan
9- Let's go back to daily backups for an example. If you back up at night at 6:00 p.m. and the server goes down the following day at 4:00 p.m., then you've potentially lost 22 hours of data that was created during that day. If you have no ability to recreate that data, then the data is lost.
So your RPO from a business perspective will dictate that you need data down to the last transaction. For example, if you're processing credit card transactions, you cannot afford to lose any transactions. So then your RPO becomes 0, which means you cannot afford any data loss.
So indirectly, that also dictates the kind of technology you need to put in place to ensure that you can achieve your RPO. This is very different from the RTO, although the RTO will also dictate the kind of technology you will need to put in place. The RTO is more about a maximum tolerable outage. So those work hand in hand in defining what we need to put in place to meet our objectives; one being how quickly we need things to be recovered and the other being to what point in time.
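The nightly-backup case above, worked through as an added example (not part of the original lab answers): it measures the data lost at the moment of failure and checks a backup schedule against each system's RPO. The dates, system names, and the RPO values other than the card-processing RPO of 0 are constructed for illustration.

```python
from datetime import datetime, timedelta

def data_loss_window(backup_times, failure_time):
    """Time between the last completed backup and the failure."""
    prior = [t for t in backup_times if t <= failure_time]
    if not prior:
        return None  # no usable backup exists: all data is lost
    return failure_time - max(prior)

def worst_case_loss(backup_times):
    """Largest gap between consecutive backups, i.e. the most data
    the schedule can lose if the failure hits just before a backup."""
    ordered = sorted(backup_times)
    return max(later - earlier for earlier, later in zip(ordered, ordered[1:]))

def rpo_gaps(systems, backup_times):
    """Map each system whose RPO the schedule cannot meet to its shortfall."""
    worst = worst_case_loss(backup_times)
    return {name: worst - rpo for name, rpo in systems.items() if worst > rpo}

# Constructed sample: backups every night at 6:00 p.m.,
# server failure at 4:00 p.m. the day after the last backup.
BACKUPS = [datetime(2024, 3, day, 18, 0) for day in (4, 5, 6)]
FAILURE = datetime(2024, 3, 7, 16, 0)

# Constructed RPO requirements; only the RPO of 0 for card
# transactions comes from the text above.
SYSTEMS = {
    "card-transactions": timedelta(0),
    "order-database": timedelta(hours=4),
    "file-share": timedelta(hours=24),
}

if __name__ == "__main__":
    print("Data lost at failure:", data_loss_window(BACKUPS, FAILURE))
    for name, shortfall in rpo_gaps(SYSTEMS, BACKUPS).items():
        print(f"{name}: nightly backup misses RPO by {shortfall}")
```

Any system listed by `rpo_gaps` needs a different technology than nightly backup, such as more frequent snapshots or, for an RPO of 0, synchronous replication.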
10- Risk Management Plan (1)
Business Impact Analysis (2)
Business Continuity Plan (3)
Disaster Recovery Plan
event of a catastrophic disruption (fire) or disaster (hurricane) and a major IT or data center outage occurs
Business impact analysis (BIA) is a systematic process to determine and evaluate the potential effects of an interruption to critical business operations as a result of a disaster, accident or emergency. A BIA is an essential component of an organization's business continuance plan; it includes an exploratory component to reveal any vulnerabilities and a planning component to develop strategies for minimizing risk.
Create an implementation plan in which you recommend ways of implementing, monitoring and adjusting the BCP.
Do all critical employees understand their role should an outage/disaster occur? Are there third-party vendors that need to be considered in the BIA? Is there an alternate site available, should the current building not survive? Is data stored at an off-site facility?
5. Of the three Systems/Application Domain risks, threats, and vulnerabilities identified, which one requires a disaster recovery plan and business continuity plan to maintain continued operations during a catastrophic outage? The mainframe or complete data loss. This should have an extensive DRP.
The purpose of the disaster recovery plan is to ensure the process of recovering mission critical systems has a plan of action in case of a disaster. The disaster recovery plan makes sure all the steps to bring up the critical to less critical systems
The first order of business is development of a Business Continuity Plan (BCP); it is vital to first understand the business processes and their impact on the DLA and DOD. While not all tasks and processes are deemed critical, all of the inter-related operations of the DLIS are requisite to service the mission.
Availability keeps data and resources available for authorized use, especially during emergencies or disasters. This policy will address common challenges to availability. The first is denial of service, which is due to intentional attacks or to undiscovered flaws in implementation. The policy will address loss of information system capabilities because of natural disasters. The policy will also focus on equipment failures during normal use.
Firstly, disaster recovery: this is a procedure that needs to be implemented when an accident occurs within an organisation that may result in the loss of data, for example fire or water damage. This is when a plan needs to be applied to allow the recovery of data; an example of this could be recovering the backup files, installing new equipment and uploading the backup onto the new network. For this to be effective, the recovery policy relies on backups being done regularly; otherwise recovery would not be possible. The disaster recovery policy is highly beneficial and important, as it saves not only the organisation but also its money and reputation.
Primary IT systems and data center, regional utility failure. All critical business operations moved off-site. Large-scale work-from-home/alternate site and remote access. All operations resume on-site in <30 days or a new site is required. Category-III type systems and applications are desirable for carrying out the least critical business operations, and the plan will list them.
As part of our disaster recovery plan, we have configured one of the servers as a backup that contains a complete backup of the primary server. The backup server will be configured so that if the primary server fails, the backup server will come online, so that there will be no interruption in service. Each week we will test the backup server to ensure that all the files are readable and accessible. Then, once a month, we will test the recovery plan by creating a failure to make sure the backup server comes online.
When performing a BIA, you are trying to assess and align the affected IT systems, applications, and resources to their required recovery time objectives (RTOs). The
Disasters have become an inevitable part of businesses and organizations as well. They not only have a major effect on business and organizational continuity; they also result in an overhaul of organizational operational mechanisms (Awasthy, 2009). It is for this reason that many organizations and businesses resort to preparing business continuity plans and disaster recovery plans that will facilitate better disaster management in future. Effective disaster recovery plans are important to every business and organization (Thejendra, 2008).
As a consultant brought into an organization concerned about business continuity, I would recommend first performing a Risk Assessment Analysis and/or Business Impact Analysis (BIA). Conducting a business impact analysis will allow an organization to know the system or application's downtime tolerance. The analysis will identify all systems and applications that can experience little to no downtime. Conducting risk assessment analysis will allow the organization to identify all the risks at the beginning and during the life of the organization, and grade the risks in terms of likelihood of occurring and seriousness of impact on the organization. Either analysis is an excellent tool and will result in the beginnings of disaster recovery and business continuity planning. If using the BIA method, a good first step is identifying the business' most crucial systems and processes to assess what effect the outages will have on the business. All systems or applications should have a back-up location offsite to ensure business continuity. The higher the impact, the more money a company should spend in order to quickly gain restoration of their business.
We worked with the utility to perform a BIA to identify critical business processes, the likelihood of service disruption, and the projected cost of loss. We then helped the utility understand the business risks of systems and technology services interruption.